General
Target: 370d040626fd577ec0a4943c2a94c278fa9eb921e774d4ac9949e2eadd5cfa8b
Size: 2.3MB
Sample: 240604-njb25afa63
MD5: bb4c60b21b9e22d4ec5d616b287f1bc8
SHA1: 0b176055066076f1f54979e042e0b9ab31318ac1
SHA256: 370d040626fd577ec0a4943c2a94c278fa9eb921e774d4ac9949e2eadd5cfa8b
SHA512: d71da4987a549a07050b26a6e2754b259535b8663e40ca0d53a8a7d909fb1a742decd445437e405ec06fcaea070c575462495d1fdd92deb538b8880259e4bf3b
SSDEEP: 49152:hkmKhyq24kI3qebVahCWKu7BP/2mgAkdhqqIgRM:hkmKEqlkAbkhC9SPxgd7q
Static task: static1
Behavioral task: behavioral1
Sample: 370d040626fd577ec0a4943c2a94c278fa9eb921e774d4ac9949e2eadd5cfa8b.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

Suspicious use of NtSetInformationThreadHideFromDebugger